White Paper on Internet Security
Tantum paranoid superstes!  (ex Latin: Only the paranoid survive!)
© 2005-2010 by D. Scott Secor


SELECT ONLINE THREAT SCANNERS
NOTE: most require Active-X or Java to function
EMSI a-squared Malware Scanner (similar to WindowSecurity.com TrojanScan)
Softwin BitDefender "Scan Online"
CA eTrust anti-virus scanner
ESET (NOD32) online scanner
F-Secure online scanner with BlackLight rootkit detection
Kaspersky Lab's virus scanner
McAfee's "FreeScan"
Panda Software "ActiveScan"
Prevx CSI malware scanner
Sophos Advanced Security Tools
Symantec Security Check (reinstated; still on probation and may go dark if additional vulnerabilities are discovered)
Trend Micro "Housecall" scan
Webroot corporate spyware audit (networks only)
Windows Live protection, cleanup, and tuneup scan & repair
Panda Software antivirus checking tool (validates your resident AV scanner)
CCleaner (freeware Windows optimization)
JavaCool's SpywareBlaster system hardening utility (AN ESSENTIAL SECURITY TOOL!)
Microsoft Security Essentials
PC Tools ThreatFire
SPLUNK
NOTE: Microsoft Security Essentials is a FREE locally-installed scanner.
PC Tools' ThreatFire is another great secondary scanner.  Use them!
TECH-SAVVY USERS:
Hijack This!
Do-It-Yourself HJT! Log Analyzer

Please do not confuse HijackThisAid.org (a legit site) with Hijack-This.org (a ROGUE site)!

SUBMIT SUSPICIOUS FILES (upload to 25 AV scanners)

Virus Radar Statistics; VirusTotal Statistics
File Research Center - safe & unsafe file info

It is possible to run two or more concurrent threat scans on high-performance systems, although overall performance will suffer.


This resource is dedicated to proactive Malware Defense and Damage Control.  Keep in mind that any successful malware (malicious software) attack is one that goes undetected!  We have taken it upon ourselves to assemble all popular online threat scanning engines in one location for your convenience.  Cyberspace can be a very ugly place, boys and girls. Please surf with care.

"Unprotected Hex" is very risky!  We wish to help end the MTD (Malware Transmitted Disease) pandemic.  Malware places everyone with whom you have contact (and all of their contacts) at grave risk of infection.  If this has an eerily familiar ring, the comparison to STDs is far too conservative.  Your chances of contracting an MTD are many thousand times greater than catching VD!

"Protected Hex" is also risky.  Malware strikes the average Internet connection every twenty-four minutes.  When you establish a new connection, you literally may have no time at all!  New systems should never be connected to a network or to the Internet until after adequate precautions have been taken (e.g., installation of a threat scanner, firewall, implementing IP hardening, etc.).  In any given week, up to 6% of ALL new malware variants escape detection by ALL popular threat scanners (without exception) -- including the one that you trust the most.  How badly perforated is your prophylactic?

We beg of you -- perform weekly supplemental threat scans using at least three different threat scanners (from the above matrix) to maintain control over the continued health and security of your system -- and all those with which you communicate.  Use different scanners on each visit.  To rely on the opinion of only your primary resident threat scanner, regardless of brand, is patently dangerous.

Malware removal tools, resident threat scanners, security news, diagnostic tools, and sundry security resources can be found further down this page and scattered about the right margin.  Advanced users and IT professionals may also enjoy our XP Professional and Media Center Edition Security Benchmark page (Vista has most of these features enabled by default).  This will assist you to further harden your systems against attack.

Please take time to investigate.  Read thoroughly, or suffer the consequences of your abundant ignorance!  Then tell all of your friends, neighbors, and business associates to pay us a visit.  (Threaten bodily harm only when deemed necessary.)


97% OF ALL INTERNET USERS ARE JUST ONE CLICK AWAY FROM MALWARE INFECTION

According to a recent McAfee survey of more than 14,000 computer users, only 3% answered all questions correctly.  The balance had one or more incorrect responses, which could easily lead them to click their way into a compromising situation.

Introduction

This erstwhile white paper -- turned venomous rant -- is intended to elevate the consciousness of the acutely clue-impaired.  That would, of course, include hundreds of millions of users whose computers have already been compromised!  Estimates suggest that as many as 70% of all Internet-connected computers are presently at risk.  Clean up your act or wallow in the virus-laden mire that you have created for yourself through your "dynamic inaction" and thoughtless selfishness.  Just leave the conscientious 30% alone.

We refuse to sugar-coat the importance of good security.  If you are not making a conscious effort to curb the spread of malware, you have become an integral part of the growing problem of Internet Insecurity!  (Lackadaisical idiots are free to take offense at any time.  We really could care less.)

Malware development was once the pastime of pimply-faced delinquents with hormonal imbalances who failed miserably to hook up with the opposite sex.  The products of their laughably-misguided coding attempts were almost tolerable.  But the halcyon days of the errant script kiddy are long gone.  Malware development has become big business.  It is a heretofore untapped revenue source for cowardly criminals who prefer to rob their victims from afar without the benefit of personal contact (which might otherwise result in a swift fist-to-their-proboscis or large-boot-up-their-sorry-posteriors).  After all, where's the fun in crime when you remove the elements of gunplay, high-speed chases, rat-infested hideouts, and long jail terms?

Nevertheless, 70% of all malware / crimeware is now being developed and distributed for profit and has taken the form of Identity Theft and Internet Fraud.  Criminal elements have been known to recruit previously honest, exceptionally talented programmers (with a death wish) by offering very tempting compensation packages. 

Hundreds of thousands of viruses, worms, Trojans, key-loggers, browser hijackers, injectors, ransomware, crimeware, "spyware", plus a host of other destructive and invasive malware programs have become extremely dangerous security threats to computers everywhere -- including YOURS!

Many thousands of cyber-delinquents, terrorists, and organized criminal elements have created an increasingly hostile environment in cyberspace by circumventing firewalls and sundry intrusion detection systems.  As if that is not bad enough, these asocial vermin can harvest identities and financial data that cost their unsuspecting victims billions of dollars and untold damage to the victims' credit (also refer to our Identity Theft page).

If you are among the many millions of BDEU (brain-dead end users) who have not performed a thorough threat scan within the past day, or if you rely on the findings of a single threat scanning tool, you are asking for trouble ... very BIG trouble!  We liken those individuals to syphilitic hookers who discourage prophylactic measures.  If, on the other hand, you came here to cure a serious infection of the digital variety, many useful malware removal tools are provided below under the headings Anti-threat Utilities and Disinfection Instructions.

Most zero day threats will go undetected by at least one popular threat scanner, allowing it to pass unmolested through your so-called "virus protection".  The folks at SocketShield (and others) are on to something that, hopefully, may make vulnerabilities to zero day attacks a thing of the past.  For the present, however, please refer to VirusTotal "Failures In Detection". The simple fact that no threat scanner is completely fool-proof ought to scare the bejeebers out of any computer user with a brain, dead or otherwise. 

Let us speak frankly (as if we have granted you a choice in the matter).  You would probably seek a second opinion if your doctor were to prescribe an especially costly or dangerous medical procedure.  Would you not?  Maintaining the continued health of your computerized data should be no different.  If you think that a single anti-threat tool is adequate protection, my delusional friend, you are dead wrong.

NO THREAT SCANNER IS 100% ACCURATE, NOR ARE THEY 100% INFALLIBLE!

According to VirusTotal, as many as fifteen out of sixteen parasites escaped detection by at least one popular threat scanner. That is a very disturbing statistic, and sufficient reason to visit here often to scan with multiple threat scanners each time!


What NOT To Worry About

If you perceive most spam, cookies, or adware as "threats", you are pathetically naive.  Surely, they may be nuisances, but they ought to be the least of your concerns.

Much of this silliness has been categorized as "spyware", yet most of it is relatively harmless stuff.  It should be noted that the term "spyware" is very badly defined.  This is why we prefer to place the term in quotation marks.

Far too much of that which is identified as "spyware" is little more than nuisance-ware.  It must be noted that detection of such superficial "spyware" serves only to make the author of the detection tool look good in the consumers' eye.  Identification of such pseudo-threats is little more than eyewash and marketing hype for the tool's author.  They may as well market their software as elephant detectors in the absence of pachyderms!

Tracking cookies pose no meaningful threat to their recipients, despite Wikipedia's overblown "definition".  Most cookies are intended to store a tiny amount of useful information (on the local hard drive) to enhance consumer choices.  Or did you think that your favorite online book store relied solely on magic to assist you?

We have a problem with anti-threat tool vendors who use cookie detection to inflate their threat counts, in order to impress their less sophisticated customers.  Can cookies be abused?  Of course they can, but only by criminals who, by definition, ought to be spirited away from mainstream society and put to work making tiny pebbles out of large boulders.  Please keep in mind that you do have the option of not allowing your web browser to accept cookies, scripts, etc. Or might that make your web experience unbearably difficult?

Spam is "unsolicited" communications, much like junk mail.  The harsh reality is that you may have agreed to something that prompted the solicitation in the first place.  It is unlikely that we shall ever put an end to either Spam -- or junk mail -- at least until after State and Federal governments put a stop to their abuses of personal data that is routinely sold to the highest bidder.  If this is news to you, kindly crawl out from beneath the rock under which you have been living and join us topside in the real world.

Spam is merely a (largely self-imposed) nuisance.  Reply to the "wrong" email, fill in the "wrong" web form, and reap the dubious rewards for all eternity.  How the attempted abolition of spam became deserving of its very own Congressional Act, we may never know.  Perhaps this is but a precursor to the "Do Not Conduct Commerce Act", followed closely by the end of civilization.  Time alone will tell.

To be fair, however, not all Spam is created equal.  A minuscule percentage may contain malicious scripts that can compromise your system or, just as likely, steer you into some sort of scam intended to relieve you of your money or your identity.  Then again, so will seemingly innocuous messages from a close -- but hopelessly irresponsible -- friend or business associate.  Coincidentally, friends and business associates are the most likely source of the majority of all malware transmissions.  Think about that before you open your next HTML email, email attachment, or after mindlessly agreeing to an unconscionable "privacy policy" or other binding contractual obligation.

CommTouch offers a very cool Real-time Spam Outbreak Monitor that may appeal to the acutely Spam-phobic.  If your Spam filter fails to resolve your personal problem, try changing your email address and exercising a greater degree of discretion when surfing the web.

Adware is a form of nuisance advertising.  Big deal.  Most advertising, unless it is exceptionally memorable or humorous, also poses a nuisance.  Advertising, after all, pays for much of whatever it is that you may be viewing or experiencing.  You don't have to like any form of advertising.  Without the incentives of advertising, however, the Internet -- as well as print and broadcast media -- would become an abominable wasteland, utterly devoid of meaningful or stimulating content.  Yet we are certain that there are those among us who believe all advertising to be deserving of yet another selectively-enforceable Congressional Act.  Spare us your self-serving idiocy, please!

Much like Spam, a small percentage of adware (primarily gleaned from highly questionable sources) is parasitic in nature and may contain malicious code that could do damage to your system or compromise your identity.  For further details on the dark side, you are encouraged to visit 2-spyware.com.  Good computer hygiene always begins with imposing reasonable limitations upon your travels.  Stop surfing objectionable or questionable websites!  Of course, some may wish to include this site in the "objectionable" category.  That is entirely their prerogative.

Incidentally, malicious scripts can be surreptitiously embedded into nearly any web page by criminal elements.  That's right ... ANY website!  Many "safe" sites have been ravaged by hackers at one time or another.  Even the FBI and CIA websites have been hacked repeatedly over the years, so it is safe to say that no website can ever be completely above suspicion.  What this means is that the innocent nature of web surfing may be many times more dangerous than relatively benign spam, cookies, or adware.

Conversely, Trojans, browser hijackers, key-loggers, and other such malware pose a meaningful threat to us all.  Not only does malware threaten the unwitting recipient but, much like any infectious disease, it can easily spread to all those who come in contact with an infected party!  This is another reason to direct your friends, neighbors, and business associates to this site or others like it.  (We suppose that some of the exceedingly ignorant might even construe the previous statement as some elementary form of "adware".  Again, we really could care less.)

Caution, "forehead-slapping moment" ahead ...

Please be advised that some malicious software masquerades as "anti-virus", "anti-spyware", and other utilities.  (Don't you just hate it when that happens?)  Many of the too-clever-by-half charlatans promoting rogue "anti-spyware" applications have been identified through the superb research efforts of Suzi Turner and Eric Howes at SpywareWarrior.com.  If you have one of these rogue products installed ... GET RID OF THEM NOW!  (If you are able, that is.  The alternative may be "Format C:")  Another list of rogues is courtesy of the good folks at SunBelt Software.  Still another list of rogues is supplied by the makers of Prevx.  Yet another list of rogues is compiled by FBM, authors of ZeroSpyware.

Of course, rogue applications are not limited to purported anti-malware tools.  There are many trial applications, registry tools, performance tests, utilities, screen savers, and other enticements that will bring on more grief than you can possibly imagine.  Avoid them like the plague!  Stay abreast of the latest rogue applications through Technorati.

To the uninitiated, rogue applications and extortion-ware may be difficult to differentiate from legitimate applications or utilities until it is too late.  Seasoned IT professionals can be tricked into downloading rogue applications due to the simple fact that many rogue applications routinely appear as sponsored search engine links on otherwise "safe" web pages!  (Doh!)  Stick with known brands and reputable software review sites.  Yes, many "software review" websites can foist infectious crap on the technologically-gullible masses.  In fact, they count on it.

Maintain your focus on serious threats to your security, and don't sweat the small stuff.  Also see "Final Caveat" at the bottom of this page.


Understanding And Defeating Your Enemy

Install any popular anti-threat tool as your primary resident threat scanner -- we prefer two resident scanners.  But ALWAYS use secondary and tertiary anti-threat services to confirm your level of security (such as those indicated in the matrix at the top of this page).

Please keep in mind that the primary directive of malware is SELF-PRESERVATION!  To escape detection, malware of any sort will damage or disable your anti-threat applications first, leaving you defenseless.  That is the primary reason why you cannot trust the findings of one threat scanning utility!

Left unchecked, a disabled threat scanner will instill a false sense of security in the unsuspecting victim while malicious programs are left to do their dastardly deeds.  To avoid this outcome, you must attempt to outmaneuver the criminal.

Frequent use of over-the-web threat scanners serves two purposes.  First, it will VALIDATE THE FINDINGS of your primary threat scanner(s).  Secondly, it may EXPOSE UNDETECTED DAMAGE to your primary threat scanner(s), should the over-the-web threat scanner fail to install or function correctly (see note below).

For more information on "spyware", please consult "You've Got Malware!".


Trust, But Verify!

Install a popular brand of threat scanning software as your resident guardian, but outsource your "second opinions" to any of the web-based threat scanners indicated in the table at the top of this page.  Avoid "off-brand" threat scanners entirely, as many are actually nuisance-ware (e.g., Virtual Bouncer) or extortion-ware intended to sell you a "cure" for something that does not exist (or worse).

However, it is imperative that you never use the same brand of software for both your resident threat scanner and your "second opinion", since it is likely that they share a common threat signature database.  Please be advised that this DOES NOT provide independent verification and validation (IV&V) of any genuine threats posed!

CAUTION:  When tap-dancing through mine fields, limb-loss may result.


Due Diligence

Whereas it is generally not recommended to install more than one resident threat scanner (unless they are intended to coexist), you may successfully run a variety of over-the-web scanning tools.  It is advisable to perform weekly threat scans alternating between three or more online resources (as indicated at the top of this page).  We recommend using these links for your second and third opinions.  Rotate through these over-the-web threat scanning tools, deliberately avoiding a site that matches your primary threat scanning software.  It is imperative that you use at least three different online threat scanning utilities to maintain a safe and secure computer environment.

NOTE:  Whenever you are unable to execute a web-based threat scanning tool, your system has already been compromised and it is surely infected with something!  Be prepared to spend some "quality time" reinstalling your operating system and all of your applications, paying very close attention not to re-infect your system with an "important" file from the previous installation.


The Road To Hell Is Paved With Good Intentions

Many might say that rootkit technology is evil.  Hogwash.  Rootkits are no more evil than a common brick or baseball bat; both of which are useful inanimate objects.  But in the wrong hands, either one can kill or maim an intended victim.  Rootkits merely offer safe harbor to malicious software.

Consider Sony-BMG's anti-piracy scheme, which featured the XCP digital rights management rootkit.  As many as 2.5 million systems may remain "infected" by the Sony rootkit.  Symantec's popular SystemWorks protected recycle bin has opened the door to a new wave of exploits.  How many tens of millions of users are "infected" by the Symantec rootkit?  (Their software may be removed with the Norton Removal Tool below.)

Many major PC builders (e.g., Compaq, Dell, Gateway, H-P, and others) often include hidden partitions on their hard disks which contain an image used to repair corrupted systems.  Unfortunately, these too can conceal undetectable malware that is capable of just about anything including Identity Theft.

Microsoft includes a root-kit detection and removal feature in their Windows Defender spyware detector and in their Malicious Software Removal Tool (updated monthly).  Here are several other Rootkit Detection / Removal tools that you may find interesting:

Use these tools at your own peril.  Remember that alpha and beta test software should never be installed on production systems.  Please read the cautionary message under "Do Not Set Yourself Up For Victimhood".

It seems that Symantec's problems are not limited to the ill-conceived use of rootkit technology.  No, not in the least.  It was recently revealed that their online threat scanner had a major flaw which left users vulnerable.  (Notice that we had disabled our link at the top of this page for a period of time.)  Now it seems that Norton AntiVirus also has a "worm hole" that places an estimated two hundred million Symantec customers' workstations and servers at serious risk of compromise.  We cannot, in good conscience, recommend the use of Symantec threat scanning tools until each of these deficiencies has been corrected and thoroughly tested.

Here is a short list of several rootkit monitoring and intrusion prevention tools:


Incarcerate These Scum!

Elements of international organized crime and terrorism have entered the picture because the illegal profits from internet fraud and identity theft are substantial.  For the public good, it is everyone's responsibility to guard against these attacks, to prevent re-infecting others.  Whenever the opportunity presents itself, turn these perpetrators over to the authorities.

Panda Labs detected a worrisome new crime-ware snippet a few years ago. Trojan (Trj/Briz.A) has a primary goal to steal personal financial data from infected computers. This code stands out because it specializes in stealing bank information and keyed data from banking-related web forms.  The Trojan code creation system gives cyber-hoodlums the ability to generate a Trojan that escapes detection by most malware protection mechanisms.

Trj/Briz.F is a variant designed to automatically download malicious code onto the computers of users visiting websites that host the malware.  Briz.F is elaborate in its attack.  It commences by installing a file named iexplore.exe (the same as Internet Explorer), which detects an Internet connection and connects to a compromised website.  It then downloads a file named ieschedule.exe, which disables Windows Security Center services and forwards vital information about the infected computer to the criminal.  It also downloads a file named smss.exe (the same as Windows' Session Manager Subsystem) which modifies the HOSTS file to prevent access to most websites related to threat scanners.  To avoid modifications to your HOSTS file, use JavaCool's SpywareBlaster.  Lastly, it downloads a file named ieredir.exe, which redirects the user to spoof web pages whenever they attempt to connect to specific online banking services, strictly for purposes of identity theft and bank fraud.
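As an added example (not code from the original page), the following Python script checks a HOSTS file for the kind of tampering described above: any static mapping for a security vendor's site is reported, distinguishing entries that sinkhole the name from entries that redirect it.  The vendor names are taken from this page's scanner matrix; the sample HOSTS content and its addresses are constructed.

```python
"""Check a HOSTS file for entries that hijack security-vendor hostnames.

Added example; the vendor list and SAMPLE_HOSTS are constructed for it.
"""
import re

# Vendor names drawn from the scanner matrix on this page.  A healthy machine
# never needs a static HOSTS mapping for a vendor's update or scanning site,
# so any such entry is suspect regardless of the address it points to.
SECURITY_VENDOR_NAMES = (
    "kaspersky", "mcafee", "symantec", "trendmicro", "f-secure", "bitdefender",
    "sophos", "eset", "pandasoftware", "avast", "grisoft", "microsoft",
    "windowsupdate", "virustotal",
)

# Addresses that turn a name lookup into a dead end.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# The only loopback names normally present in a stock HOSTS file.
BENIGN_HOSTNAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# address, one or more hostnames, optional trailing comment
_ENTRY = re.compile(r"^(?P<addr>[0-9a-fA-F:.]+)\s+(?P<hosts>[^#]+?)\s*(#.*)?$")


def parse_hosts(text):
    """Yield (address, hostname, line_number) for every mapping in HOSTS text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _ENTRY.match(line)
        if not m:
            continue
        for host in m.group("hosts").split():
            yield m.group("addr"), host.lower(), lineno


def find_hijacked_entries(text):
    """Return the HOSTS entries that name a security vendor, with a reason."""
    findings = []
    for addr, host, lineno in parse_hosts(text):
        if host in BENIGN_HOSTNAMES:
            continue
        if not any(vendor in host for vendor in SECURITY_VENDOR_NAMES):
            continue  # ad/tracker blocking entries are not the pattern described
        reason = "sinkholed" if addr in SINKHOLE_ADDRESSES else "redirected"
        findings.append({"line": lineno, "address": addr, "host": host, "reason": reason})
    return findings


# Constructed sample: a stock header followed by the kind of lines a
# HOSTS-tampering Trojan appends.  192.0.2.10 is a documentation address.
SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.kaspersky.com
127.0.0.1       update.symantec.com liveupdate.symantec.com
0.0.0.0         housecall.trendmicro.com
192.0.2.10      www.virustotal.com   # redirected rather than blocked
127.0.0.1       ads.example.net
"""

if __name__ == "__main__":
    for f in find_hijacked_entries(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['address']} ({f['reason']})")
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts; a clean file yields an empty list.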

The criminal who uses this well-engineered Trojan has the ability to remotely control these infections.  This permits the crook to retrieve large amounts of data regarding infected computers or compromised networks under his direct control.  Such data includes relevant IP addresses, passwords, email contacts, the physical location of the targeted computers, and personal information.  The cyber-crook can maintain tight control over their malicious activity while eluding detection.

Formidable self-preservation mechanisms make it difficult to detect and disinfect.  Of course, this is not the only such piece of malware that flies beneath the radar of most threat detection applications.  Malformed archives may contain dormant viruses which will invariably escape detection by threat scanners and may release their payloads when least expected.  This ought to be genuinely frightening stuff to those who understand the far-reaching ramifications of mass-distributed "undetectable" crime-ware.

Over the past decade, weapons of mass distraction have evolved into weapons of mass destruction.  We encourage everyone to maintain at least one resident malware scanner (such as avast!, AVG, BitDefender, ewido, OneCare Live, etc.) on every computer, server, and network workstation.  The software must be automated to update itself daily (or hourly).  We also recommend an up-to-date anti-"spyware" scanner (such as Windows Defender or Spybot), on each and every computer, server, and network workstation whenever such tools are broken out and marketed separately from a publisher's anti-virus scanner.

It is also a good idea to install SiteAdvisor to help guide your travels through cyberspace. Granted, this tool is in its infancy and may be subject to bias on the part of individual reviewers (a few are genuine whack jobs), but it is a great start in the right direction.  Anyone can submit a site for review, but reviewers do undergo some scrutiny.  This has since been taken over by McAfee.


Do Not Set Yourself Up For Victimhood

Read emails only as plain text, without exception.  NEVER read your email as HTML, which can readily mask malicious scripts and bogus web addresses.  We recommend that you never open any email attachments unless you are absolutely certain of their origin and purpose.  There are new threats which may be contained in Microsoft Excel spreadsheets and Word documents.  Cautious skepticism will dramatically limit your risk of exposure.
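As an added example (not code from the original page), this Python script shows what reading mail as plain text guards against: it lists the anchors in an HTML message whose visible text names one site while the href points somewhere else, and counts embedded scripts.  The sample message and the domains in it are constructed.

```python
"""Report masked links and scripts in an HTML e-mail body.

Added example; SAMPLE_MAIL and its domains are constructed for it.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


def _host_of(text):
    """Return the host named by a URL-like string, or None if it names none."""
    candidate = text.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate  # bare 'bank.example.com/help'
    host = urlparse(candidate).hostname
    return host if host and "." in host else None


def _same_site(a, b):
    """Treat www.example.com and example.com as the same site."""
    def strip_www(h):
        return h[4:] if h.startswith("www.") else h
    return strip_www(a) == strip_www(b)


class MailInspector(HTMLParser):
    """Collects each anchor's href and visible text, and counts <script> tags."""

    def __init__(self):
        super().__init__()
        self.links = []          # [href, visible text] per anchor
        self.scripts = 0
        self._in_anchor = False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._in_anchor = True
            self.links.append([dict(attrs).get("href", ""), ""])
        elif tag == "script":
            self.scripts += 1

    def handle_data(self, data):
        if self._in_anchor and self.links:
            self.links[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_anchor = False


def inspect_html_mail(body):
    """Return masked links (text names one host, href another) and script count."""
    parser = MailInspector()
    parser.feed(body)
    masked = []
    for href, text in parser.links:
        shown, actual = _host_of(text), _host_of(href)
        if shown and actual and not _same_site(shown, actual):
            masked.append({"shown": shown, "actual": actual})
    return {"masked_links": masked, "scripts": parser.scripts, "links": len(parser.links)}


# Constructed sample: a phishing-style notice using documentation domain names.
SAMPLE_MAIL = """<html><body>
<p>Your account needs verification. Visit
<a href="http://login.example.net/verify">https://www.bank.example.com/secure</a>
within 24 hours.</p>
<p>Questions? See <a href="https://bank.example.com/help">bank.example.com/help</a>.</p>
<script>document.location="http://login.example.net/";</script>
</body></html>"""

if __name__ == "__main__":
    print(inspect_html_mail(SAMPLE_MAIL))
```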

Graphic images can be used to exploit your web browsing experience, as well.  Social engineering principles that encourage the email recipient to forward the message to others should place the first level of doubt in your mind.  Say "No!" to all chain email messages.  Admonish the sender with a message that indicates you no longer view unsolicited graphical images or chain emails (many of which are legendary hoaxes).

Never insert a Sony-BMG disc with DRM (rootkit) copy protection into any computer!  If you have ever done so, run one of the root-kit removal tools below to rid yourself of the potential problems associated with rootkits.

Among the more important reasons to remove such root-kit functions is that new variants of the bothersome Bagle worm (Bagle IB and Bagle HZ) are able to hide files, registry entries, and processes.  These lethal Bagle variants attempt to disable 500 processes related to threat scanners, firewalls, and other security functions.  Both variants use the m_hook.sys rootkit file used by other Bagle variants to obscure their dastardly deeds with no chance whatsoever of being detected by threat scans.  This carries with it the potential of taking a good many inattentive IT professionals by surprise.  WATCH YOUR BACK!

Lastly, we encourage EVERYONE to become obsessive-compulsive about keeping applications and operating systems updated. Most updates are designed to offer protection against new exploits as they are revealed.  Plugging holes in security is an essential obligation of all computer users.  We consider anything less to be risky behavior -- and you should too!

Microsoft has published a useful glossary of security and privacy terms on their OneCare Live website.  This may serve to broaden the general public's understanding of some terminology used herein.


Anti-threat Utilities
(green or pink highlight = our endorsement)

Microsoft Windows Update
It is always a good idea to keep your Operating System up-to-date and secure.  That goes DOUBLE for too-clever-by-half UNIX, Linux, RedHat, and Apple zealots.  Improve your upgrade hygiene!


Microsoft Security Centers
For good measure, check to see just how secure your home, business, or development systems may be.  Or try the new, and dare we say "awesome", Windows Live Safety Center.
Microsoft OneCare Live
This exciting new suite is an always-on PC health maintenance service that runs silently in the background.  It provides fully automated anti-virus protection, a very slick firewall, disc performance optimizer, and file maintenance tool.  OneCare Live is the Swiss Army Knife of system utilities for the typical "hands-off" end-user.  OneCare plays well with others (coexists with many other virus scanners) but is not intended for use with Windows XP x64 -- yet.  This is an ESSENTIAL utility suite from your "extended family" in Redmond.  FREE until June 2006 (sign up before April 31st and pay only $19.95 for the first year).  Priced at $49.95 per year for a three-system license, including the anti-spyware feature.
Alwil avast! AntiVirus
(for 32-bit and 64-bit processors)

This is the first available anti-virus scanner that exploits 64-bit architecture and Windows XP x64 Edition (filling the void left by OneCare).  Avast! even talks to you whenever suspicious items are detected or when automatic updates are installed!  Windows Server, SBS, ISA Server, Exchange Server, Linux Server, PDA, and other versions are available from our secure eCommerce page.

Avast! is FREE for home use, and is very cost-effective in commercial applications.  We rate this as one of our favorite primary threat scanners.

If you wish to purchase licenses of one- to three-years for any Avast! anti-virus tool, please advance to our secure eCommerce page.

Alwil avast! Virus Cleaner
This tool identifies and removes some of the nastiest malware on the planet -- from BadTrans to Zafi.
AVG Antivirus Free Edition
AVG received "VB100%" in the tests performed by Virus Bulletin in December 2005 on the Windows 2003 Enterprise x64 platform.  AVG also has a Linux Free Edition.  Trial versions of their other anti-virus tools are also available.
Ian Kenefick offers a unique tool that will be of interest to those who desire a subtle degree of overkill. Then again, perhaps it is the most prudent solution. If you wish to use more than one resident anti-malware scanner, Multi-AV is a clever tool that supports command line versions of Sophos, Trend, McAfee, and Kaspersky DOS-level threat scanners.  Enjoy!
Avira AntiVir Personal Edition
You will recognize the FREE of charge AntiVir Personal Edition Classic with its characteristic red umbrella. This is more popular in other parts of the globe, but is produced in cooperation with the Auerbach foundation.
BitDefender Antivirus software
Yet another highly-rated anti-virus program, with Linux, BSD, and various server editions, FREE for home use.  Access to several BitDefender RSS feeds is also available for your viewing pleasure.  RSS 1.0 ATOM 0.3
CA eTrust Anti-Virus Software
This is a free offer from Computer Associates for corporate users to provide employees with licensed copies of eTrust EZ Anti-Virus scanner for their home systems. (a $29.95 value).  Ask your employer if you may qualify.
ewido Anti-malware
Download a trial that "plays well with others".  It will shed a few premium features after the trial period, but will remain effective and FREE for personal use.  This is one of our favorites, and the recent merger with the Grisoft Group (AVG) will only improve upon an otherwise excellent tool.
ESET NOD32 Anti-threat System
Thirty-day trial versions of the ultra-efficient NOD32 anti-threat scanning tool are available for all flavors of Windows including x64, plus Exchange, Linux, Novell, Domino, Kerio, and more.  Stop all forms of  malware dead in its tracks with NOD32!
f-Secure Evaluation Downloads
Anti-Virus, Internet Security, Anti-Spyware, Internet gatekeepers, and many other security tools for Windows, Citrix, and Linux PCs and servers. These are evaluation versions with limited licenses.
Microsoft Installer Clean Up
The all-purpose application removal tool for dislodging those pesky applications that just won't go away or have become hopelessly corrupted.  Out damned spot!  It is the no-compromise clean-up for compromised software.  Another ESSENTIAL utility.
Norton Removal Tool (SymNRT.exe)
Are you having fits with Snortin' Norton SystemWorks or other Symantec products?  If so, you may take comfort in knowing that you can uninstall these applications with Symantec's own Norton Removal Tool.  Please consult this link on the Symantec site for further details on its use.
Alwil avast! Virus Cleaner
This clever tool from Alwil identifies and removes some of the nastiest malware on the planet -- from BadTrans to Zafi.  When infected with malware, use several different tools to surgically remove the threat.  To make certain that threats never return, turn off system restore through My Computer | Properties | System Restore, then reboot and re-scan.
ESET Worm Removal Tools
From the authors of NOD32 comes a nicely rounded set of worm and malware removal tools that will pull your fat out of the fire when the "nasties" come crawling.  Whenever you identify a threat, you just want it gone!  Here are several free utilities that will put you back on track.
Microsoft XP Security Guide 2.2
This is one kick-ass hardening scheme that will thwart all but the most ambitious of criminals.  If you are unable to get your Belarc Advisor CIS Security Benchmark above 8 (out of 10), you obviously have not been trying very hard!  These data may cause problems in the hands of an amateur.  After all, security does not stop with the installation of a threat scanner.  It's a state of mind!
Malicious Software Removal Tool
Microsoft updates MSRT around the 10th of each month.  This tool checks various versions of Windows XP, 2000, and Server 2003 for malware.  It helps remove infections by prevalent malware, such as Bagle, Blaster, MyDoom, Sasser, Sober, SoBig, Zotob, rootkits, and the worst of the worst in worms.
Norman Ngen-Fix Malware Removal Tool
NGenFix is a great little Safe Mode utility that may be used to detect and remove whole families of specific malware outbreaks.  This is a great reactive, rather than proactive, tool used to handle systems that have been infected.  It will kill infected processes that may be running, remove disc infections, and restore correct registry values.  Download this tool for free.
Lavasoft Ad-Aware SE
This is an old favorite that we de-listed when there had been controversy over Ad-Aware not identifying certain adware.  We have re-listed it at the urging of several readers, and due to the fact that SiteAdvisor has it listed as being "green".  This tool is also free for personal use.
Microsoft Windows Defender
This is among the best and most user-friendly anti-spyware scanners available.  This "Beta 2" version is absolutely FREE and is an integral component of Vista.  Without a doubt, this is an ESSENTIAL tool!  (And it "plays well with others.")

Spybot Search & Destroy
A long-standing favorite of many I.T. professionals.  Remember to install the "Tea Timer" feature during installation, to remain actively protected against malware at all times.

Microsoft Antigen Server Protection
Register to receive the Microsoft Antigen Server Protection public beta when it becomes available.  Protect against current and emerging malware threats and improve visibility.
Microsoft ForeFront Client Protection
Register to receive the Microsoft ForeFront Client Protection public beta.  Protect against current and emerging malware threats, improve visibility, and garner other benefits.
F-Prot Antivirus-Firewall
F-Prot Antivirus for Windows features an automatic updater to keep you on top of things.  The firewall package enables you to protect your personal data, without complicating your environment or straining your computer's resources.  Linux and BSD versions available.
Kerio Personal Firewall
Kerio Personal Firewall is available in two versions.  KPF works as the full edition for 30 days, after which it morphs into the limited (free) edition. The limited edition does not provide content filtering capabilities and several other features.
Zone Labs ZoneAlarm Firewall
If you want the best FREE firewall software, this is definitely it!  This is an absolute "must have" item if you are not located behind a hardware firewall or other formidable software firewalls.  Yes, firewall alerts can be irritating.  But isn't that much better than the alternative?
PC Tools Evaluation Downloads
Anti-Virus, Spyware Doctor, Registry Mechanic, Privacy Guardian, File Recover, and Spam Monitor trial versions may be downloaded for your first-hand inspection.  These excellent tools are evaluation editions with limited licenses and functionality.
McAfee Stinger is a good stand-alone malware scanner.  It is updated periodically, but should never replace a resident scanner. Trend SysClean is another good standalone threat scanner.  You may download the latest Trend SysClean Virus Pattern Files here.
Brute Force Uninstaller by Merijn is a tool that is dangerous in the wrong hands.  If you are not an advanced user, please avoid using this tool, and read the documentation first before doing serious damage.  More invaluable (albeit dangerous) tools from Merijn are available here ... such as ADSspy and BHOlist. Hijack This!, also by Merijn, is a tool for the IT professional or someone under their direct supervision.  In the wrong hands, it can be very destructive! (So why is it here?)  HijackThis! is a very useful homepage hijacker removal tool. It does not target specific programs or URLs.  Rather, it identifies the methods being used by hijackers.  Submit your HijackThis! logs to this online log analyzer.
Microsoft TechNet Security Tools
The Department of Redundancy Department requires us to extol the virtues of Microsoft's litany of security tools, several of which are mentioned above.  Delight in knowing that the good folks at Redmond are trying their level best to keep us all safe.  However, that cannot happen without your mutual participation.  Get with the program!
Multi-AV
This multi-faceted threat scanning tool enables the user to select from Kaspersky, McAfee, Sophos, and Trend threat scanners.  Each threat database is updated before each scan to ensure that the most current threat signatures are being used.  It runs from a DOS window, enabling it to circumvent some of Windows' complexities.  There are several other useful tools available from the author's website at http://www.ik-cs.com.
SNORT.ORG - Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. Snort has positioned itself as a widely deployed intrusion detection and prevention technology, and has become a de facto standard. Foundstone Labs is a division of McAfee that offers several free intrusion detection tools and a wealth of up-to-date information about the ongoing battle against the asocial cyber-delinquent and organized cyber-criminal elements that are a festering pox on the posterior of Internet society.


Popular Anti-threat Software Publishers

We do not wish to slight anyone, so here are links to a few other anti-malware software publishers:

Sadly, this list is woefully incomplete.  Nevertheless, it does represent forty-odd popular or sophisticated anti-threat products on the market.  That ought to be sufficiently complicated so as to confuse the typical unsophisticated consumer.

If an unlisted candidate shows merit (and their products are devoid of bothersome traits), we will cheerfully add a link.  Conversely, if a product fails to pass muster, we are very likely to provide "destructive criticism".  Products that include the ability to generate deliberate false positives, which are intended to bolster flagging sales, need not apply (e.g., Pareto Logic XoftSpy).

Never assume that we endorse ANY publisher listed above.  Neither does omission necessarily condemn a product or publisher as evil incarnate.  Omission is merely a reflection of our relative unfamiliarity with a given product.  Nothing more.

It should be duly noted that we have valid concerns about certain products, such as StopSign, which explains their conspicuous absence from the above list.  For a more complete list of rogue anti-threat products (plus a fair list of otherwise marginal products), please consult SpywareWarrior.

There are several otherwise excellent anti-threat products that are dangerously close to crossing the line into near-rogue status.  We maintain a short list of popular anti-threat products, including several favorites, that are poised to be defamed for their idiotic marketing ploys.  Excessive false positives and indiscriminate cookie identification are just that -- marketing ploys intended to influence the gullible and the unsophisticated.

There is absolutely no legitimate excuse for a popular anti-threat scanner to generate false positives or to identify harmless cookies as being something dangerous.  Frankly, the mindless hysteria over benign cookies must stop!


Disinfection Instructions

Below are links to Sophos' (on the left) and BitDefender's (on the right) disinfection instructions.  You may find them useful in removing and disinfecting all sorts of malware, including boot sector viruses, macro viruses, script viruses, worms, Trojans, and invaders.  We have added links to other collections of tools, in case you can't find the proper "wrench" in this tool box.

SPECIFIC DISINFECTION OR REPAIR TECHNIQUES

Sophos' news RSS Atom
Sophos' alerts RSS Atom
Sophos' Top 10 Threats RSS Atom
Sophos' Top 10 Hoaxes RSS Atom

More Repair or Removal Tools:

Although costly, McAfee's VirusScan Enterprise 8.x with Anti-"Spyware" module is among the best network solutions available, according to the July 25th, 2005 eWeek analysis.  Other interesting insights on locking down systems are available here.  Such assessments are fleeting, however.  With the rules of war changing every day, the ability of one enterprise solution to stay on top of things is difficult at best.  We may be somewhat opinionated, but that does not mean that we are closed-minded!

We could reveal the names of several other popular freeware, shareware, or "open source" applications that exhibit alarmingly viral-like behavior (Open Office is a prime example).  No legitimate application should exhibit the disturbing self-preservation qualities normally associated with malware!  The sole exceptions are anti-threat scanning utilities, which need to hook into your operating system in order to protect it.  Well-written threat scanners are easily uninstalled, though -- poorly-written ones generally are not.  Did you hear that, Symantec?

Then again, many people enjoy bashing Microsoft for no other reason than they wear the largest target on their back.  Those who wear large targets, after all, are certain to catch more than their share of the arrows!  Let the free market determine the winners and losers.  Whereas we have certainly been among Microsoft's detractors whenever they deserved a sound thrashing, we are proud to state that we have yet to find suitable alternatives to genuine Microsoft products in the markets that they chose to pursue.  Their anti-threat tools are becoming world-class as well.  We urge you to check each of them out.


You've got malware!

Unfortunate though it may be, the dangers presented by unprotected use of the Internet are very real, and they are growing every day.  Indicated below are a few sensible precautions that all Microsoft Windows users can take to avoid becoming infected or infested by malware.  Much of the software indicated herein is freeware for personal use, so you have no valid excuse regarding the high cost of security!  Our modest list is, however, decidedly Windows-centric.  We make no apologies for that fact.

UNIX, Linux, RedHat, and Apple users -- under ever-increasing attacks -- will have to research competent sources of reliable security tools for themselves, although we have elected to include a few in the matrix above.  These particular environments are not our primary focus, although we do have a modicum of experience with each.  Here are a few precautions you all may wish to take:

  • NEVER insert a "thumb drive", floppy diskette, CD or DVD into your computer unless it has first been thoroughly scanned for malware by an up-to-date service on which you can stake your system's safety, your wealth, and your identity.  Otherwise, a tempting caress may quickly lead to a fatal embrace!

  • Install SiteAdvisor for IE or FireFox (other browsers will be added in due time) in order to help make prudent choices when traveling the far corners of the web.  Be advised that even websites with favorable (green) reviews still may carry potentially lethal sponsor ad links!  Click with care.

  • Disable Windows Universal Plug and Play (UPnP) using GRC's "UnPlug 'n Pray".  Advanced users (bona fide geeks) may prefer using features of XQDC's X-Setup Pro to selectively disable all but the SSDP portions of UPnP.

  • Disable Windows Messenger Service using GRC's "Shoot-the-messenger".  This too may be disabled with other tools for advanced users, such as X-Setup Pro.

  • Disable Windows Distributed Component Object Model using GRC's "DCOMbobulator".  If you have XP SP2 installed, this is unnecessary.
    (here is the Gibson Research Corp. Freeware page for other popular utilities)

  • Disable all other non-essential services (e.g., file and printer sharing, telnet, SNMP, etc., and those listed previously) which afford criminal elements easy access to your computer.  A more complete list is a couple of bullet points lower.  "Hardening" your system can also be accomplished with a little extra work, but should be performed with assistance from an advanced user to ensure success.

  • It is always best to place your system behind a NAT-enabled hardware firewall or router.  These are inexpensive safeguards (<$50) that further isolate your system from the outside world.  Even when no hardware firewall is present, you must enable a software firewall, such as that included with Windows XP and many anti-threat software bundles.  Test the firewall using Sygate SOS.  All ports tested must be identified as either STEALTH or BLOCKED to ensure safety.

  • Scan your system for open ports using GRC's "Shields Up" port scanner or Symantec's Security Check.  If you have an inexpensive hardware firewall, please verify that port 137 has been Blocked or Stealthed.  If you used the GRC scan, we recommend that you also run the Symantec Security Check or Sygate SOS to check several of the vulnerable upper ports.  Unless your ports are reported as "Stealth", you may soon discover that even "closed" ports may leave you vulnerable to attack.

  • Install the Belarc Advisor to profile your computer's security and installed hardware / software.  This provides a CIS Security Benchmark Audit, and it is useful in conducting an inventory of software licenses and installed hardware.  If your CIS Benchmark is less than 7 out of 10, you need to perform some serious "heavy lifting" in order to slam the door on unwanted intruders.  You may also consult our Security Benchmark page.  If you are not technically inclined, do not attempt changing permissions, registry entries, or services without competent supervision.  You may do more damage than good or even lock yourself out of your system permanently!

  • If you have not yet installed a threat scanning tool and firewall on your PC, please install avast!, AVG, BitDefender, OneCare Live, or another resident threat scanner immediately.  Perform a full system scan followed by two or more additional full system scans using different over-the-web threat scanners, as indicated at the top of our Internet Security page!

  • If you have not installed an anti-"spyware" tool on your PC, please install Windows Defender or Spybot now!  Perform a full system scan followed by two or three additional full system scans using two or three different over-the-web threat scanners indicated at the top of our Internet Security page!  Additionally, you must run CA PestScan and X-Cleaner scans often to validate your findings.

  • Advanced users can further assess their workstation and network vulnerabilities using the Microsoft Baseline Security Analyzer.

  • Advanced users are encouraged to disable all potentially risky and unnecessary services such as:

      • File & Printer Sharing
      • Internet Connection Sharing
      • Alerter service
      • ClipBook service
      • Computer Browser service (not associated with the web browser)
      • FAX service
      • FTP Publishing service
      • IIS Admin service
      • Indexing service
      • Messenger service (not associated with IM)
      • Net Logon service
      • NetMeeting Remote Desktop service
      • Network DDE service
      • Network DDE DSDM service
      • Remote Desktop Help Session service
      • Remote Desktop service
      • Remote Registry service
      • Routing & Remote Access service
      • Simple Mail Transfer Protocol (SMTP) service
      • Simple Network Management Protocol (SNMP) service
      • Simple Network Management Protocol (SNMP) Trap service
      • Task Scheduler service
      • Telnet service
      • Terminal Services
      • Universal Plug & Play Host service
      • World Wide Web Publishing service
      • ... and all other potential areas of compromise

A few of these services may have been disabled through the use of utility programs mentioned above. Re-enable only those services you find absolutely indispensable.  However, you may verify or alter the status of your service settings through Control Panel | Administrative Tools | Services.  You may also find our Security Benchmark page useful.
Please consult your network administrator before disabling any services, as some of these services may be required in a network environment.

  • For businesses of fifty employees or more, we also recommend spending some quality time with the Microsoft Security Risk Self-Assessment.  This tool may prove helpful even when you work in a non-Windows environment.

  • Enable automatic updates or visit Windows Update often for the latest operating system security patches and product upgrades.

  • Visit Microsoft Office Update often for the very latest Office patches, upgrades, templates, etc. (now integrated into Windows Update).

  • Configure your email reader to display messages only in PLAIN TEXT (e.g., Tools | Options | Mail Format).  Do this because "pretty" HTML messages too easily disguise lethal malicious scripts and fraudulent links that can transport you to hostile websites.

  • NEVER click on any hypertext links provided in any email messages, instant messages, or pop-ups.  Period.
    This includes spoofed (fake) "critical security update" emails from companies such as Microsoft, advisories from your bank or favorite auction site, and bogus threat scan solicitations that were developed to extort money from unwary individuals to pay for equally bogus "cures".

  • Be especially cautious of all emails containing misspellings or poor grammar.  This is a common trait of most off-shore phishers, pharmers, "4-1-9" fraudsters, and other unscrupulous scammers who may not speak English as their primary language.  Just delete these messages and go about your routine.  There is no pot-of-gold waiting at the other end of these particular rainbows, no matter how tempting they may appear.

  • Speaking of spelling ... be very careful when typing the name of popular websites such as google.com or anti-virus vendors.  Cyber-squatters and cyber-criminals are registering misspelled domain names to capitalize on bad spellers and clumsy typists.  In some instances, the misspelled web address may contain malicious scripts that will attempt to install malware or key loggers used to capture your passwords and personal information.

  • Avoid using instant messaging services, ICQ, chat rooms, and music or file sharing websites whenever possible.  All of these venues have been involved in the widespread distribution of malware and identity theft schemes.  If you must, there are special anti-malware tools designed specifically for use with IMs, P2Ps, etc.  Please use them!

  • If you feel compelled to visit a website indicated in an email, instant message, or pop-up, please RE-TYPE the website address into a separate browser window, or use a Bookmark or Favorite that you know is safe.

  • NEVER reply to any email, instant message, or pop-up message that asks for personal or financial information.  Keep in mind that your bank or credit card company would NEVER ask for personal or financial information via email in the normal course of business.  Several clever pop-ups also appear to mimic threat scanning tools.  Close these pop-up windows by using Task Manager to end the task (best), or by clicking on the big red "X" in the upper right corner (still risky) ... otherwise you may suffer the consequences.

  • Be wary of downloading files or opening attachments from any email or instant message you may receive, regardless of who may have sent them!
    NOTE:  Worms and viruses routinely deliver their destructive payloads through email reader vulnerabilities, such as those in Outlook and Thunderbird.  The compromised email reader then forwards the deadly payload to all contacts in the victim's address book.  Remember that fact the next time you receive unexpected email from close friends or business partners -- it may contain unwelcome surprises.  Are you sufficiently paranoid yet?

  • Check for new warnings about the latest malware threats and phishing scams by visiting such websites as Symantec, McAfee, Trend Micro, Panda Software, CERT, ICSA Labs, etc., and visit the VeriSign anti-phishing & ID theft webpage for further information and statistics.  More links are in the right margin of the Internet Security page.

  • If ever you need to remove an application that is behaving badly or is otherwise corrupt, may we suggest the Microsoft Installer Clean Up tool?  CCleaner is another useful tool that performs a plethora of useful housekeeping tasks, including registry cleanup.  These tools will cure many ills if your system requires a little house cleaning.
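To check how many of the risky services listed above are actually running or set to start automatically on a given machine, here is an added PowerShell audit script (not code from this page or from Microsoft). The short service names are the standard Windows XP / Server 2003 names and are an assumption; services that are not installed are skipped, and nothing is changed unless you drop the -WhatIf.

```powershell
# Added example: audit the "risky services" from the list above and report which are exposed.
# Assumes the standard XP / Server 2003 service names (newer Windows renames or drops several);
# a service that does not exist on this machine is silently skipped. Requires PowerShell 3.0+.
# Get-RiskyServiceReport only reads. Disable-RiskyService changes startup types, so run it with
# -WhatIf first, and ask your network administrator before disabling anything on a domain PC.

$RiskyServices = @(
    @{ Name = 'lanmanserver';   Label = 'File & Printer Sharing (Server)' },
    @{ Name = 'SharedAccess';   Label = 'Internet Connection Sharing (ALSO hosts the XP SP2 firewall)' },
    @{ Name = 'Alerter';        Label = 'Alerter service' },
    @{ Name = 'ClipSrv';        Label = 'ClipBook service' },
    @{ Name = 'Browser';        Label = 'Computer Browser service' },
    @{ Name = 'Fax';            Label = 'FAX service' },
    @{ Name = 'MSFtpsvc';       Label = 'FTP Publishing service' },
    @{ Name = 'IISADMIN';       Label = 'IIS Admin service' },
    @{ Name = 'cisvc';          Label = 'Indexing service' },
    @{ Name = 'Messenger';      Label = 'Messenger service' },
    @{ Name = 'Netlogon';       Label = 'Net Logon service' },
    @{ Name = 'mnmsrvc';        Label = 'NetMeeting Remote Desktop Sharing' },
    @{ Name = 'NetDDE';         Label = 'Network DDE service' },
    @{ Name = 'NetDDEdsdm';     Label = 'Network DDE DSDM service' },
    @{ Name = 'RDSessMgr';      Label = 'Remote Desktop Help Session Manager' },
    @{ Name = 'TermService';    Label = 'Terminal Services / Remote Desktop' },
    @{ Name = 'RemoteRegistry'; Label = 'Remote Registry service' },
    @{ Name = 'RemoteAccess';   Label = 'Routing & Remote Access service' },
    @{ Name = 'SMTPSVC';        Label = 'Simple Mail Transfer Protocol (SMTP)' },
    @{ Name = 'SNMP';           Label = 'SNMP service' },
    @{ Name = 'SNMPTRAP';       Label = 'SNMP Trap service' },
    @{ Name = 'Schedule';       Label = 'Task Scheduler service' },
    @{ Name = 'TlntSvr';        Label = 'Telnet service' },
    @{ Name = 'upnphost';       Label = 'Universal Plug & Play Host service' },
    @{ Name = 'SSDPSRV';        Label = 'SSDP Discovery service (UPnP)' },
    @{ Name = 'W3SVC';          Label = 'World Wide Web Publishing service' }
)

function Get-RiskyServiceReport {
    [CmdletBinding()]
    param([hashtable[]] $Services = $RiskyServices)

    foreach ($entry in $Services) {
        $svc = Get-Service -Name $entry.Name -ErrorAction SilentlyContinue
        if (-not $svc) { continue }   # not installed on this machine: nothing to report

        # Older PowerShell does not expose the startup type on the service object,
        # so read it from WMI. StartMode is one of Boot, System, Auto, Manual, Disabled.
        $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$($entry.Name)'"

        [pscustomobject]@{
            Service   = $entry.Name
            Purpose   = $entry.Label
            Status    = [string] $svc.Status
            StartMode = $wmi.StartMode
            # Exposed = listening right now, or guaranteed to come back at the next boot.
            Exposed   = ($svc.Status -eq 'Running' -or $wmi.StartMode -eq 'Auto')
        }
    }
}

function Disable-RiskyService {
    # Stops one service and sets it to Disabled; honours -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string] $Service
    )
    process {
        if ($PSCmdlet.ShouldProcess($Service, 'Stop and set startup type to Disabled')) {
            Stop-Service -Name $Service -Force -ErrorAction SilentlyContinue
            Set-Service  -Name $Service -StartupType Disabled
        }
    }
}

# Report only what is actually exposed, then preview the clean-up without touching anything.
$report = Get-RiskyServiceReport | Where-Object { $_.Exposed }
$report | Sort-Object Service | Format-Table Service, Status, StartMode, Purpose -AutoSize

# SharedAccess is left alone on purpose: on XP SP2 it is also the Windows Firewall service.
$report | Where-Object { $_.Service -ne 'SharedAccess' } | Disable-RiskyService -WhatIf
```

Re-run Get-RiskyServiceReport after a reboot; a service that a utility only stopped, rather than disabled, will show up again as Exposed.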

Also consult our Identity Theft page for additional tools to keep from having your identity compromised.  Use common sense and the proper tools to avoid disaster.  Below are a few other relevant security recommendations:

www.microsoft.com/security/home/ Microsoft Security Basics
www.isalliance.org/resources Common Sense Guide
www.nsa.gov/snac/ NSA Security Recommendation Guides
pcvirus2000.web.cern.ch/pcvirus2000/ CERN antivirus support website
security.web.cern.ch/security/passwords/ CERN Password Recommendations
security.web.cern.ch/security/Recommendations CERN Computer Security
www.cert.org/tech_tips/home_networks.html CERT Home Network Security
www.e-gold.com/unsecure/alert.html e-gold Security Alert Page

If you wish to educate yourself on other topics of security, disaster preparedness, and business continuity planning (another specialty of ours) you may begin with the Department of Homeland Security.  There is even a Kids Section.  And for a change of pace, may we suggest the Department of Homeland Stupidity?

Kool-Aid drinkers everywhere will delight in knowing that September is National Preparedness Month.  If you think that government is the answer, you obviously misunderstood the question!  Remember Katrina.  But enough socio-political commentary ... now for the latest news.


Internet Insecurity

If you really want to frighten yourself silly over technology run amok, and the sundry equally-absurd foolishness that "secures" our beloved Internet, we urge you to read the following thought-provoking articles.  You may never surf the web or transfer vital data in the same manner again:

  • Search Engines Spread Malware
    A study looked at the five major search engines -- Google, Yahoo, MSN, AOL, and Ask -- and covered a period from January through April 2006. Researchers found that in every search engine, popular keywords returned sites that could be potentially dangerous.
    What's worse, in popular keywords such as "free screensavers," "digital music," "popular software," and "singers", as much as 72 percent of the returned results contained some kind of risky link.  (Another good reason to install SiteAdvisor!)

  • Alternate Data Streams (ADS) are data hidden as metadata.  They are invisible in Explorer and their size is unreported by Windows.  Browser hijackers began hiding their files within Alternate Data Streams.  Not all anti-malware scanners are capable of detecting this threat.  This little-known compatibility feature of NTFS provides cyber-vandals with the ability to hide rootkits and other malware on a breached system.  This enables them to be executed without being detected by the system administrator. Use ADS Spy, Hijack This!, or X-Cleaner to identify and remove these lethal streams.

  • SSL Insecurity (SSL vulnerabilities are legendary)
    "Unfortunately, the simple fact we use SSL does not necessarily mean that the information sent over this protocol is secure. The use of weak encryption, the impossibility of verifying web servers' certificates, security vulnerabilities in web servers or the SSL libraries, as well as other attacks, may each let intruders access sensitive information -- regardless of the fact that it is being sent through the SSL."

  • Bugs Put Widely-Used DNS Servers At Risk
    The vulnerabilities could be exploited to "cause a variety of outcomes," including crashing the DNS server or possibly providing attackers with a way to run unauthorized software, according to an advisory, posted today by the U.K.'s National Infrastructure Security Co-ordination Centre.

  • Firewalls Made of Straw
    "... but it should be clear that with this type of communication, no one product can offer absolute protection. There is no magical security solution; firewalls and anti-virus application are but tools to cover a very small portion of a very big hole. Especially in a corporate environment, where the rewards (and motivation) for an attacker are the greatest, nothing can ever be taken for granted."

  • E-commerce Head's In The Sand
    Grimes began digging into these nasty SSL-evading Trojans (see "E-Commerce in crisis: When SSL isn’t safe"), and discovered that they had been around for a while, yet almost no one had heard of them. Worse, those who had didn’t seem all that interested in doing anything about them!

  • Wireless Attacks
    "Robert Moskowitz of ICSA Labs has found that WPA pass-phrases containing dictionary words less than 20 characters long could possibly be cracked. This is made possible partly because a cracker can make an access point regenerate the key exchange with the client in less than 60 seconds. Even though the key exchange is indeed secured, it can be extracted and cracked offline. Choose your pass-phrases carefully."

  • Spyware Keylogger Intro
    "Spyware usually gets into the computer through banner ad-based software where the user is enticed to install the software for free. Other sources of spyware include instant messaging, various peer-to-peer applications, popular download managers, online gaming, many porn / crack sites, and more."

  • IBM Launches Services to Combat Malware
    IBM researchers have designed a novel intrusion detection tool, code named "Billy Goat," (do we detect sour grapes here?) that not only provides early detection of worm attacks but also greatly reduces the false alarm rate. ... One of the greatest threats to security has come from automatic, self-propagating attacks such as viruses and worms. These attacks scan networked servers at random until they are able to place a harmful program on a server using a maliciously crafted request. The program uses the now-infected server as a base from which to attack other servers. The direct result is rapid exponential growth in the number of attacks leading to load-induced network failure.

  • Leap of Faith: Using the Internet Despite the Dangers
    The report found that concern about identity theft is substantial, and is changing consumer behavior in major ways. Four in five Internet users (80 percent) are at least somewhat concerned someone could steal their identity from personal information on the Internet. Nearly nine out of ten users (86 percent) have made at least one change in their behavior because of this fear.

  • Virus Writers Add Rootkit Technology
    ... Bagle-GE incorporates rootkit features designed to hide the processes and registry keys of another Trojan of the same family, Bagle-GF. The development has raised particular concerns because of strong links between Bagle and the operations of numerous botnets, networks of compromised Windows PCs that are often used to either distribute spam or attack other systems.

  • Unprotected computer hijacked in four minutes!
    Surfing the web has never been more risky.  Simply connecting to the Internet — and doing nothing else — exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously.
    (Most unprotected computers connected to the Internet will be breached within eight minutes and can be turned into Zombie servers soon thereafter, thus enabling them to commence attacking other PCs.)

  • Hackers Pose New Threat To Desktop Software
    The non-profit SANS Institute is particularly concerned about security holes it has discovered in widely-used backup software made by Computer Associates, Symantec and Veritas.  ... other types of applications, such as database programs and popular media player software, such as RealPlayer and iTunes, were also vulnerable. Security had been set back years as software vendors scrambled to address the new threat. “We’ve gone back to the stone age."

  • Fuzzy Logic, indeed!
    Data fuzzing, or mangling, has been used often by security and quality-control engineers to test network devices. In 2002, the University of Oulu's Secure Programming Group (OUSPG) used the techniques to locate a slew of flaws in the implementation of a basic communication protocol known as Abstract Syntax Notation One, or ASN.1, on which Internet protocols are based. The next year, the university used the same technique to find issues in a protocol used for Internet telephony.

  • Beginner's Security Articles
    Who says that newbies have to walk around with their pants around their ankles?  Here is a sizable collection of articles from GovernmentSecurity.org that make system security something akin to child's play ... well, not really.  But it does give the advanced user greater insight into what is important.  Newbies will just have to fend for themselves -- tripping over their pants more often than not.

  • An Inside Look At Botnets
    A thesis (in Adobe PDF format) arguing that the reactive methods which currently dominate network security are ultimately insufficient, and that more proactive methods are required.  One such approach is to develop a foundational understanding of the mechanisms employed by malicious software, which is often readily available in source form on the Internet.  In this paper the authors begin the process of codifying the capabilities of malware by dissecting four widely-used Internet Relay Chat (IRC) botnet codebases.  Each codebase is classified along seven key dimensions, including botnet control mechanisms, host control mechanisms, propagation mechanisms, exploits, delivery mechanisms, obfuscation mechanisms, and deception mechanisms.  The study reveals the complexity of botnet software, and the authors discuss the implications for defense strategies based on the resulting analysis.

  • Proof-of-concept worm exploits Windows PowerShell
    Vista is not even out of beta yet, and the potential for exploitation rears its ugly head once again.  First it was Damon.A; one year later (almost to the day) it appears as though MSH/Cibyz!p2p is going to give the bad guys more ideas.
    We guess malware authors have us all by the "monads". (Windows insider joke -- look it up!)

  • Security News Archives
    A little light reading from SecuritySpace, best read before bedtime.

And do not forget the published proof-of-concept regarding cross-platform malware that jumps from Linux to Windows and back again.  It has absolutely nothing on the dreaded Bird Flu and sundry cross-species infections.  Despite an overzealous press, nothing is new here.  At least two such malware infections with similar cross-platform capabilities have existed in the wild for at least five years.

If you don't mind our asking, how is your mobile phone service?  Malware is thriving in that venue as well (such as the latest SMS spoofs).  We envision a new cellular service ad campaign in which the central character screams into his cell phone "CAN YOU HEAR ME ... AT ALL?"

Have a pleasant day ... and a sleepless night!

FINAL CAVEAT:  There are absolutely NO guarantees, express, implied, or statutory, that will ever ensure absolute safety and security in cyberspace -- or in life for that matter.  Anyone who suggests otherwise is lying to you!  You must be willing to accept full responsibility for your actions -- and the consequences of those actions.  The majority of the spam that you receive, every cookie that you accept, every rogue application that you install, and every infection that you experience can ultimately be traced back to your actions (or inactions) and the actions of those within your immediate sphere of influence.  Deal with this paradoxical dilemma wisely, but above all STAY SAFE!

Useful information about what may be bugging you.

  • Cool link of the month: CommTouch Realtime Spam Monitor

  • SANS Top 20 List (and 2006 update)

  • CERT Coordination Center - Carnegie-Mellon Univ. Software Engineering Institute
    Tech Tips and Vulnerabilities (Before you connect ...)

  • US-CERT.GOV
    The United States Computer Emergency Readiness Team offers its most recent findings for Technical, Non-technical, and Government users.

  • DoD CERT (NetDefense)
    If it's good enough for the Dept. of Defense & Joint Task Force, it ought to be useful in your personal war against cyber-terrorists! (some access restricted)

Copyright 2001-2010 - Secor Consulting LLC ALL RIGHTS RESERVED